Results 1 to 3 of 3
Hello, I set-up a Squid proxy server using Kerberos. The server works great for users within our domain as they are already authenticated with Kerberos, but when users outside the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 12-18-2009 #1
- Join Date
- Dec 2009
Squid & Kerberos: how do I get a password prompt
I set-up a Squid proxy server using Kerberos. The server works great for users within our domain as they are already authenticated with Kerberos, but when users outside the domain try to connected, they get an error message. Obviously, this is the intended function of Kerberos...but rather than just flat-out deny users who aren't authenticated with an error message, I'd like Squid to ask for a password and username--is this possible, and how do I go about doing it?
I have made the following modifications to my squid.conf file to get Kerberos to work (as well as include the keytab file in the start-up script):
auth_param negotiate program /usr/local/squid/libexec/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access allow auth
http_access deny all
- 12-20-2009 #2
Squid kerberos authentication and ldap authorization in Active Directory Klaubert's Blog
there is a kerberos and basic auth method. probably need to tailer the basic auth to what you need, but it gives you the jist.
- 12-23-2009 #3
- Join Date
- Dec 2009
You have to use basic authentication (NCSA).I did it first,and after that I did the Active Directory authentication.The basic authentication goes like this:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid-Proxy Server
auth_param basic credentialsttl 7 hours
auth_param basic casesensitive off
/etc/squid/passwd is the password hash file created like the hash for Apache authentication.When user access proxy,a pop-up window appears for username/password.You make up the acl and http_acces,et voila!
It is nice that you did Kerberos authentication,one day I will ask you for more details.....